Cryptology and Data Security, 2014

 

This bibliographical collection lists articles about cryptology and data processing offered in 2014 at various conferences.  This body of research work was reported in the IEEE digital library.  Most of the work was performed abroad, i.e., not U.S. based.  


 

Karakiş, R.; Güler, I., "An Application of Fuzzy Logic-Based Image Steganography," Signal Processing and Communications Applications Conference (SIU), 2014 22nd, pp.156, 159, 23-25 April 2014. doi: 10.1109/SIU.2014.6830189 Abstract: Today, data security in digital environment (such as text, image and video files) is revealed by development technology. Steganography and Cryptology are very important to save and hide data. Cryptology saves the message contents and Steganography hides the message presence. In this study, an application of fuzzy logic (FL)-based image Steganography was performed. First, the hidden messages were encrypted by XOR (eXclusive Or) algorithm. Second, FL algorithm was used to select the least significant bits (LSB) of the image pixels. Then, the LSBs of selected image pixels were replaced with the bits of the hidden messages. The method of LSB was improved as robustly and safely against steg-analysis by the FL-based LSB algorithm.
Keywords: cryptography; fuzzy logic; image coding; steganography; FL-based LSB algorithm; XOR algorithm; cryptology; data security; eXclusive OR algorithm; fuzzy logic; image steganography; least significant bits; Conferences; Cryptography; Fuzzy logic; Internet; PSNR; Signal processing algorithms (ID#: 15-4797)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6830189&isnumber=6830164

 

Porzio, A., "Quantum Cryptography: Approaching Communication Security from a Quantum Perspective," Photonics Technologies, 2014 Fotonica AEIT Italian Conference on, pp. 1, 4, 12-14 May 2014. doi: 10.1109/Fotonica.2014.6843831 Abstract: Quantum cryptography aims at solving the everlasting problem of unconditional security in private communication. Every time we send personal information over a telecom channel a sophisticated algorithm protects our privacy, making our data unintelligible to unauthorized receivers. These protocols resulted from the long history of cryptography. The security of modern cryptographic systems is guaranteed by complexity: the computational power that would be needed for gaining info on the code key largely exceeds the available one. Security of actual crypto systems is not “by principle” but “practical”. On the contrary, quantum technology promises to make it possible to realize provably secure protocols. Quantum cryptology exploits paradigmatic aspects of quantum mechanics, like superposition principle and uncertainty relations. In this contribution, after a brief historical introduction, we aim at giving a survey on the physical principles underlying the quantum approach to cryptography. Then, we analyze a possible continuous variable protocol.
Keywords: cryptographic protocols; data privacy; quantum cryptography; quantum theory; telecommunication security; code key; computational power; continuous variable protocol; privacy protection; quantum cryptography; quantum cryptology; quantum mechanics; quantum technology; superposition principle; uncertainty relations; unconditional private communication security; Cryptography; History; Switches; TV; Continuous Variable; Quantum cryptography (ID#: 15-4798)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6843831&isnumber=6843815

 

Boorghany, A.; Sarmadi, S.B.; Yousefi, P.; Gorji, P.; Jalili, R., "Random Data and Key Generation Evaluation of Some Commercial Tokens and Smart Cards," Information Security and Cryptology (ISCISC), 2014 11th International ISC Conference on, pp. 49, 54, 3-4 Sept. 2014. doi: 10.1109/ISCISC.2014.6994021 Abstract: In this paper, we report our evaluation of the strength of random number generator and RSA key-pair generator of some commercially available constrained hardware modules, i.e., tokens and smart cards. That was motivated after recent related attacks to RSA public keys, which are generated by constrained network devices and smart cards, and turned out to be insecure due to low-quality randomness. Those attacks are mostly computing pair-wise GCD between the moduli in public keys, and resulted in breaking several thousands of these keys. Our results show that most of the tested hardware modules behave well. However, some have abnormal or weak random generators which seem to be unsuitable for cryptographic purposes. Moreover, another hardware module, in some rare circumstances, unexpectedly generates moduli which are divisible by very small prime factors.
Keywords: public key cryptography; smart cards; RSA key-pair generator; RSA public keys; commercial tokens; commercially available constrained hardware modules; constrained network devices; cryptographic purposes; key generation evaluation; low-quality randomness; pair-wise GCD; random data evaluation; random number generator; smart cards; weak random generators; Generators; Hardware; Java; Public key; Smart cards; Cryptography; GCD Attack; Hardware Security Module; RSA Common Prime; Random Generator Evaluation (ID#: 15-4799)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6994021&isnumber=6994006

 

Yongjun Ren; Yaping Chen; Jin Wang; Liming Fang, "Leakage Resilient Provable Data Possession in Public Cloud Storage," Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP), 2014 Tenth International Conference on, pp.706,709, 27-29 Aug. 2014. doi: 10.1109/IIH-MSP.2014.182 Abstract: Cloud storage is now an important development trend in information technology. To ensure the integrity of data storage in cloud storing, researchers have presented some provable data possession (PDP) schemes. However, the schemes can't resist side-channel attacks. Moreover, securing cryptographic implementations against side-channel attacks is one of the most important challenges in modern cryptography. In this paper, we propose the first leakage-resilient provable data possession (LR PDP) scheme, which utilizes leakage-resilient signature to construct the homomorphic authenticator. In the scheme, the homomorphic authenticator is based on probabilistic Boneh-Lynn-Shacham (BLS) short signature. Moreover, the leakage-resilient provable data possession can tolerate leakage of (1-O(1)/2) of the secret key at every tag invocation. And the security of the proposed scheme is proved in the generic bilinear group model.
Keywords: cloud computing; cryptography; digital signatures; storage management; BLS short signature; LR PDP scheme; cryptographic implementations; generic bilinear group model; homomorphic authenticator; information technology; leakage resilient provable data possession; leakage-resilient signature; probabilistic Boneh-Lynn-Shacham short signature; public cloud storage; secret key; side-channel attacks; tag invocation; Cascading style sheets; Cloud computing; Computational modeling; Cryptography; Data models; Servers; Cloud computing; leakage-resilient cryptology; provable data possession (ID#: 15-4800)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6998427&isnumber=6998244

 

Mortazavi, R.; Jalili, S., "Iterative Constraint Satisfaction Method for Microaggregation Problem," Information Security and Cryptology (ISCISC), 2014 11th International ISC Conference on, pp.204,209, 3-4 Sept. 2014. doi: 10.1109/ISCISC.2014.6994048 Abstract: In this paper, we propose a novel microaggregation algorithm to produce useful data in privacy preserving data publishing. Microaggregation is a clustering problem with known minimum and maximum group size constraints. We propose a local search algorithm that iteratively satisfies necessary constraints of an optimal solution of the problem. The algorithm solves the problem in O(n^2) operations. Experimental results on real and synthetic data sets with different distributions confirm the effectiveness of the method.
Keywords: computational complexity; constraint satisfaction problems; data privacy; iterative methods; optimisation; pattern clustering; search problems; O(n^2) operations; clustering problem; iterative constraint satisfaction method; local search algorithm; maximum group size constraints; microaggregation algorithm; microaggregation problem; minimum group size constraints; optimal solution; privacy preserving data publishing; Algorithm design and analysis; Clustering algorithms; Data privacy; Equations; Mathematical model; Partitioning algorithms; Time complexity; Clustering; Microaggregation; Privacy Preserving Data Publishing; k-anonymity (ID#: 15-4801)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6994048&isnumber=6994006

 

Azimi, S.A.; Ahmadian, Z.; Mohajeri, J.; Aref, M.R., "Impossible Differential Cryptanalysis of Piccolo Lightweight Block Cipher," Information Security and Cryptology (ISCISC), 2014 11th International ISC Conference on, pp. 89, 94, 3-4 Sept. 2014. doi: 10.1109/ISCISC.2014.6994028 Abstract: This paper analyzes the Piccolo family of lightweight block ciphers against the impossible differential cryptanalysis. A combination of some ploys such as decreasing the S-box computations, finding an appropriate propagation of differentials, utilizing hash tables and using the linearity of the key-schedule as well as disregarding subkeys of two rounds lead to 12-round and 13-round impossible differential attack on Piccolo-80 and 15-round attack on Piccolo-128. The time and data complexity of the attack against Piccolo-80 is 2^55.18 and 2^36.34 for 12-round and 2^69.7 and 2^43.25 for 13-round, respectively. Moreover, the time and data complexity for 15 rounds cryptanalysis of Piccolo-128 are 2^125.4 and 2^58.7, respectively.
Keywords: cryptography; 12-round impossible differential attack; 13-round impossible differential attack; 15-round attack; Piccolo lightweight block cipher; Piccolo-128 cipher; Piccolo-80 cipher; S-box computation; differentials propagation; hash tables; impossible differential cryptanalysis; Ciphers; Data collection; Encryption; Memory management; Time complexity; Block cipher; Cryptanalysis; Impossible differential; Piccolo (ID#: 15-4802)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6994028&isnumber=6994006

 

MirShahJafari, M.; Ghavamnia, H., "Classifying IDS Alerts Automatically for Use in Correlation Systems," Information Security and Cryptology (ISCISC), 2014 11th International ISC Conference on, pp.126,130, 3-4 Sept. 2014. doi: 10.1109/ISCISC.2014.6994035 Abstract: The large increase in computer network usage, and the huge amount of sensitive data being stored and transferred through them, has escalated the attacks and invasions on these networks. Intrusion detection systems help in detecting these attacks, but the large amount of false positives has decreased their usability. Different methods have been proposed to reduce the amount of these false positives, which consist of different classification methods. Aggregation of similar alerts is a method proposed to reduce false positives and the large number of alerts, but the problem is assigning similar alerts the same classification parameters. Rules have been created which correlate alerts based on three parameters, but the alerts should be labeled with these parameters. Labeling these alerts, is a time consuming task, because deep knowledge on each alert is required to correctly identify the parameters. This time consuming job has been done on 13000 Emerging Threats Snort signatures, and has been used as a knowledge base to label other alerts. In this paper a method has been proposed to label similar signatures automatically. This method uses word extraction from signatures to identify the words which can specify these labels automatically. To test the method around 1000 signatures, which have been classified manually, were classified by this method and the precision and recall has been computed. The results show that a large number of signatures can be classified using this method.
Keywords: computer network security; digital signatures; pattern classification; Emerging Threats Snort signatures; alert aggregation; alert assignment; alert correlation; alert labelling; attack detection; automatic IDS alert classification method; automatic signature labelling; classification parameters; computer network usage; correlation systems; false-positive reduction; intrusion detection systems; knowledge base; precision value; recall value; sensitive data storage; sensitive data transfer; signature classification; word extraction; Correlation; Data mining; Grippers; Intrusion detection; Knowledge based systems; Servers; Trojan horses; Alert labeling; Classification; Correlation (ID#: 15-4803)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6994035&isnumber=6994006

 

Sadeghi, A.-A.; Aminmansour, F.; Shahriari, H.-R., "Tazhi: A Novel Technique for Hunting Trampoline Gadgets of Jump Oriented Programming (a Class of Code Reuse Attacks)," Information Security and Cryptology (ISCISC), 2014 11th International ISC Conference on, pp. 21, 26, 3-4 Sept. 2014. doi: 10.1109/ISCISC.2014.6994016 Abstract: Code reuse attacks enable attackers to manipulate the memory and execute their own code on a target system without the need to inject any operating code in the memory space. Jump Oriented Programming is known as a class of this type which has two different kinds of implementation. The main idea is to chain different sequences of instructions terminated to an indirect jump by using controller gadgets called dispatchers or trampolines. This paper focuses on the second type of implementations which uses trampoline gadgets. Finding useful trampolines in different libraries is an issue that is considered here. This paper shows useful intended and unintended trampolines available in some famous versions of libraries in Windows and Linux platforms. Additionally, our searching algorithm and a comparison between results of trampolines are presented.
Keywords: Linux; object-oriented programming; security of data; Linux platforms; Tazhi; Windows platforms; code reuse attacks; controller gadgets; dispatchers; jump oriented programming; trampoline gadgets; Filtering algorithms; Libraries; Loading; Malware; Programming; Registers; Writing; Code Reuse Attacks; Jump Oriented Programming; Trampoline gadget (ID#: 15-4804)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6994016&isnumber=6994006

 

Tajiki, M.M.; Akhaee, M.A., "Secure and Privacy Preserving Keyword Searching Cryptography," Information Security and Cryptology (ISCISC), 2014 11th International ISC Conference on, pp.226,230, 3-4 Sept. 2014. doi: 10.1109/ISCISC.2014.6994052 Abstract: Using storage systems outside a company endanger data security. This leads users to encrypt their information for risk mitigation. Although encryption improves confidentiality, it causes inefficiency such as the encrypted data is not searchable. In this paper, data would be stored in a cloud storage provider (CSP) in a way that it is secure and simultaneously searchable. To this end, one of the state-of-the art encryption schemes secure and privacy preserving keyword searching (SPKS) has been employed. The encryption algorithm employs CSP for partially decryption of the cipher texts. Consequently, the client computational and communication overhead in decryption will be reduced. Although the CSP participates in the deciphering process, it cannot detect any information about the plaintext. In this paper we show that due to lack of client signature in the SPKS, an attack called forging attack is applicable on it. An improved version of SPKS has been introduced and the security of the proposed scheme is analyzed.
Keywords: cloud computing; cryptography; data privacy; CSP; SPKS; cipher text partial decryption; cloud storage provider; communication overhead; computational overhead; deciphering process; encryption algorithm; forging attack; secure and privacy preserving keyword searching cryptography; Cloud computing; Encryption; Generators; Keyword search; Servers; Cloud storage data security; Searchable encryption; asymmetric encryption (ID#: 15-4805)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6994052&isnumber=6994006

 

Kurt, M.; Duru, N., "Steganography Over Video Files Using Menezes Vanstone Elliptic Curve Cryptography Algorithm," Signal Processing and Communications Applications Conference (SIU), 2014. 22nd, pp. 1195, 1198, 23-25 April 2014. doi: 10.1109/SIU.2014.6830449 Abstract: In recent years information security and information privacy have been more important with an increment of technology. Different techniques of steganography and cryptography are used for sending information to recipient due to safety communication channel. Lots of algorithms have been developed as a result of these techniques. In this work the message to be sent is divided into consecutive two main parts are called coordinate data and stego data. Data represent coordinate points are encrypted with Modified Menezes Vanstone Elliptic Curve Cryptography (MMV - ECC) Algorithm and coordinate points are achieved. These coordinate points are found on related frame of video file in AVI format, and then these coordinate points' pixel value replace with decimal value of stego data.
Keywords: data privacy; public key cryptography; security of data; steganography; telecommunication channels; video coding; AVI format; MMV-ECC algorithm; coordinate data; coordinate point pixel value; decimal value; information privacy; information security; modified Menezes-Vanstone elliptic curve cryptography; safety communication channel; steganography; stego data; video files; Conferences; Elliptic curve cryptography; PSNR; Reactive power; Signal processing algorithms; İmage Processing; Cryptology; Steganography; Video Processing (ID#: 15-4806)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6830449&isnumber=6830164

 

Xinyi Huang; Xiaofeng Chen; Jin Li; Yang Xiang; Li Xu, "Further Observations on Smart-Card-Based Password-Authenticated Key Agreement in Distributed Systems," Parallel and Distributed Systems, IEEE Transactions on, vol.25, no.7, pp. 1767, 1775, July 2014. doi: 10.1109/TPDS.2013.230 Abstract: This paper initiates the study of two specific security threats on smart-card-based password authentication in distributed systems. Smart-card-based password authentication is one of the most commonly used security mechanisms to determine the identity of a remote client, who must hold a valid smart card and the corresponding password to carry out a successful authentication with the server. The authentication is usually integrated with a key establishment protocol and yields smart-card-based password-authenticated key agreement. Using two recently proposed protocols as case studies, we demonstrate two new types of adversaries with smart card: 1) adversaries with pre-computed data stored in the smart card, and 2) adversaries with different data (with respect to different time slots) stored in the smart card. These threats, though realistic in distributed systems, have never been studied in the literature. In addition to point out the vulnerabilities, we propose the countermeasures to thwart the security threats and secure the protocols.
Keywords: cryptographic protocols; distributed processing; message authentication; smart cards; distributed systems; key establishment protocol; security threats; smart-card-based password-authenticated key agreement; Authentication; Dictionaries; Educational institutions; Protocols; Servers; Smart cards; Authentication; key exchange; offline-dictionary attack; online-dictionary attack; smart card (ID#: 15-4807)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6594742&isnumber=6828815

 

Bidokhti, A.; Ghaemmaghami, S., "A Generalized Multi-Layer Information Hiding Scheme Using Wet Paper Coding," Information Security and Cryptology (ISCISC), 2014 11th International ISC Conference on, pp. 210, 213, 3-4 Sept. 2014. doi: 10.1109/ISCISC.2014.6994049 Abstract: Multi-layer schemes have been proposed for steganography. Also some authors have combined these methods with the idea of wet paper codes and gained higher embedding efficiency. This paper proposes a generalized multi-layer method for wet paper embedding. First, the cover bits are divided into blocks and, by combining these bits in groups of 3, a pyramid is formed. Next, the secret message is embedded through a layer-by-layer procedure. The proposed method has higher embedding efficiency in some cases and provides more flexibility for choosing the embedding payload, especially in lower payload conditions.
Keywords: steganography; generalized multilayer information hiding scheme; layer-by-layer procedure; payload conditions; steganography; wet paper coding; wet paper embedding; Data mining; Educational institutions; Electrical engineering; Encoding; Payloads; Security; Vectors; Embedding efficiency; Embedding payload; Steganography; Wet Paper Codes (ID#: 15-4808)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6994049&isnumber=6994006

 

Ahmadi, S.; Delavar, M.; Mohajeri, J.; Aref, M.R., "Security Analysis of CLEFIA-128," Information Security and Cryptology (ISCISC), 2014 11th International ISC Conference on, pp. 84, 88, 3-4 Sept. 2014. doi: 10.1109/ISCISC.2014.6994027 Abstract: Biclique attack is one of the most recent methods for cryptanalysis of block ciphers. In this paper, we present a new biclique attack on the full round of the lightweight block cipher CLEFIA-128. We obtained 2^127.44 for computational complexity while the data complexity is 2^64 and memory complexity is 2^7. To the best of our knowledge, it is the first biclique attack on the full CLEFIA-128 lightweight block cipher. Also, we show that MITM attack in the way of using partial matching with precomputation and recomputation technique can reduce the data complexity of the attack to only 2 known plaintext-ciphertext pairs.
Keywords: computational complexity; cryptography; pattern matching; CLEFIA-128; biclique attack; block ciphers; computational complexity; data complexity; partial matching; security analysis; Ciphers; Computational complexity; Encryption; Schedules; CLEFIA block cipher; MITM attack; biclique attack; lightweight cryptography; partial matching (ID#: 15-4809)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6994027&isnumber=6994006

 

Rastegari, P.; Berenjkoub, M., "A Multi-Signer Convertible Limited Multi-Verifier Signature Scheme in the Standard Model," Information Security and Cryptology (ISCISC), 2014 11th International ISC Conference on, pp. 143, 148, 3-4 Sept. 2014. doi: 10.1109/ISCISC.2014.6994038 Abstract: In a multi-signer convertible limited multi-verifier signature (MSCLMVS) scheme, a set of multi signers (co-signers) cooperatively creates a signature that can only be verified by limited verifiers. In this scheme, the conflicts between the authenticity and the privacy of the co-signers can be solved by controlling the verifiability. Moreover, the limited verifiers can designate the signature to a trusted third party such as a judge to convince him about the validity of the signature. Furthermore, both the co-signers and the limited verifiers can convert the signature to a traditional publicly verifiable signature if necessary. In this paper we present a multi-signer convertible limited multi-verifier signature scheme based on Waters' signature which is constructed by bilinear pairings. The proposed scheme is proved to be secure in the standard model by the assumption of the hardness of the Weak Gap Bilinear Diffie-Hellman problem. To the best of our knowledge, this is the first multi-signer convertible limited multi-verifier signature scheme with provable security without random oracles.
Keywords: data privacy; digital signatures; MSCLMVS; Waters signature; bilinear pairings; limited co-signers authenticity; multisigner convertible limited multiverifier signature scheme; privacy; signature verifiability control; standard model; weak gap bilinear Diffie-Hellman problem; Algorithm design and analysis; Polynomials; Probabilistic logic; Public key; Voltage control; Waters' signature; bilinear pairing; multi-signer convertible limited multi-verifier signature; multi-signer universal designated multi-verifier signature; random oracle; standard model (ID#: 15-4810)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6994038&isnumber=6994006

 

Yajam, H.A.; Mousavi, A.S.; Amirmazlaghani, M., "A New Linguistic Steganography Scheme Based on Lexical Substitution," Information Security and Cryptology (ISCISC), 2014 11th International ISC Conference on, pp.155, 160, 3-4 Sept. 2014. doi: 10.1109/ISCISC.2014.6994040 Abstract: Recent studies in the field of text-steganography shows a promising future for linguistic driven stegosystems. One of the most common techniques in this field is known as lexical substitution which provides the requirements for security and payload capacity. However, the existing lexical substitution schemes need an enormous amount of shared data between sender and receiver which acts as the stego key. In this paper, we propose a novel encoding method to overcome this problem. Our proposed approach preserves the good properties of lexical substitution schemes while it provides short length stego keys and significant robustness against active adversary attacks. We demonstrate high efficiency of the proposed scheme through theoretical and experimental results.
Keywords: linguistics; natural language processing; steganography; text analysis; active adversary attacks; encoding method; lexical substitution; linguistic driven stegosystems; linguistic steganography scheme; natural language processing; payload capacity; receiver data; security requirements; sender data; stego key; text-steganography; Encoding; Natural languages; Pragmatics; Resistance; Robustness; Watermarking; Text; lexical substitution; natural language processing; steganography (ID#: 15-4811)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6994040&isnumber=6994006

 

Najafi, A.; Sepahi, A.; Jalili, R., "Web Driven Alert Verification," Information Security and Cryptology (ISCISC), 2014 11th International ISC Conference on, pp.180,185, 3-4 Sept. 2014. doi: 10.1109/ISCISC.2014.6994044 Abstract: A web attack is an attack against a web server through the HTTP Protocol. By analyzing known web attacks, we find out that each one has its own behavior. Vestiges of their behavior could be detected in non-body parts of the HTTP Protocol. Such information can be used to verify web alerts generated by Web Application Firewalls (WAFs) and Web Intrusion Detection Systems (Web IDSs). In this paper, we propose a method to verify web alerts generated by mentioned sensors. The goal of the alert verification component is to eliminate or tag alerts that do not represent successful attacks. Our approach is based on analyzing HTTP Transaction metadata, including Request method, Request Headers, Status Code, and Response Headers. We implemented an alert verification module, reconfigured ModSecurity, modified a subset of the OWASP ModSecurity Core Rule Set, and developed knowledge-base of web attack vectors to evaluate our method. We show that our approach significantly reduces false and non-relevant alerts with quite low processing overhead, thus enhances the quality of the results.
Keywords: Internet; computer network security; hypermedia; meta data; transport protocols; HTTP protocol; HTTP transaction metadata analysis; OWASP ModSecurity Core Rule Set; WAF; Web IDS; Web application firewalls; Web attack; Web attack vector knowledge-base; Web driven alert verification; Web intrusion detection systems; Web server; alert verification module; reconfigured ModSecurity; request headers; request method; status code; Accuracy; Firewalls (computing); Intrusion detection; Knowledge based systems; Protocols; Web servers; HTTP Protocol; Intrusion Detection System; Web Application Firewall; alert verification; web attack (ID#: 15-4812)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6994044&isnumber=6994006

 

Fathabadi, Z.F.; Nogoorani, S.D.; Hemmatyar, A.M., "CR-SMTC: Privacy Preserving Collusion-Resistant Multi-Party Trust Computation," Information Security and Cryptology (ISCISC), 2014 11th International ISC Conference on, pp.167, 172, 3-4 Sept. 2014. doi: 10.1109/ISCISC.2014.6994042 Abstract: The ever-increasing use of trust and reputation models has posed new challenges in distributed environments. One of these challenges is the computation of trust while preserving privacy of feedback providers. This is because of the fact that some people may report a dishonest value due to social pressure or fear of the consequences. In this paper, we propose a privacy-preserving collusion-resistant multi-party trust computation scheme which uses data perturbation and homomorphic encryption to preserve the privacy of feedbacks. Our scheme consists of two protocols for private summation (S-protocol) and inner product (P-protocol). Our protocols are resistant to collusion of up to m+1 and m+2 agents, respectively, where m is a configurable parameter. In addition, their computational complexities are O(nm) and O(n(m+h)), respectively, where n is the number of agents and h is the homomorphic encryption algorithm complexity. We compare our protocols with related works and show their superiority in terms of collusion-resilience probability as well as complexity.
Keywords: computational complexity; cryptographic protocols; data privacy; trusted computing; CR-SMTC; O(n(m+h)) computational complexity; O(nm) computational complexity; P-protocol; S-protocol; collusion resistant protocols; collusion-resilience probability; configurable parameter; data perturbation; dishonest value; distributed environments; feedback provider privacy preservation; homomorphic encryption; homomorphic encryption algorithm complexity; inner product protocols; privacy-preserving collusion-resistant multiparty trust computation scheme; private summation protocols; reputation model; social pressure; trust computation; trust model; Complexity theory; Computational modeling; Encryption; Privacy; Protocols; Resistance; collusion attack (key words); computational trust; data perturbation; homomorphic encryption; privacy preservation (ID#: 15-4813)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6994042&isnumber=6994006

 

Orojloo, H.; Azgomi, M.A., "A Method for Modeling and Evaluation of the Security of Cyber-Physical Systems," Information Security and Cryptology (ISCISC), 2014 11th International ISC Conference on, pp. 131, 136, 3-4 Sept. 2014. doi: 10.1109/ISCISC.2014.6994036 Abstract: Quantitative evaluation of security has always been one of the challenges in the field of computer security. The integration of computing and communication technologies with physical components, has introduced a variety of new security risks, which threaten cyber-physical components. It is possible that an attacker damage a physical component with cyber attack. In this paper, we propose a new approach for modeling and quantitative evaluation of the security of cyber-physical systems (CPS). The proposed method, considers those cyber attacks that can lead to physical damages. The factors impacting attacker's decision-making in the process of cyber attack to cyber-physical system are also taken into account. Furthermore, for describing the attacker and the system behaviors over time, the uniform probability distributions are used in a state-based semi-Markov chain (SMC) model. The security analysis is carried out for mean time to security failure (MTTSF), steady-state security, and steady-state physical availability.
Keywords: Markov processes; decision making; security of data; statistical distributions; CPS security; MTTSF; communication technology integration; computer security; computing technology integration; cyber attack; cyber-physical components; cyber-physical system security; decision-making; mean time-to-security failure; quantitative evaluation; security analysis; security risks; state-based SMC model; state-based semi-Markov chain model; steady-state physical availability; steady-state security; uniform probability distributions; Analytical models; Availability; Computational modeling; Mathematical model; Random variables; Security; Steady-state; Cyber-physical systems; physical damage; quantitative security evaluation; security modelling (ID#: 15-4814)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6994036&isnumber=6994006

 

Nasr, P.M.; Varjani, A.Y., "Petri Net Model of Insider Attacks in SCADA System," Information Security and Cryptology (ISCISC), 2014 11th International ISC Conference on, pp. 55, 60, 3-4 Sept. 2014. doi: 10.1109/ISCISC.2014.6994022 Abstract: This paper investigates the use of Petri nets for modeling insider attacks on the Supervisory Control and Data Acquisition (SCADA) system. Insider attacks are one of the most dangerous threats for Critical Infrastructures (CIs). An insider attacker, by sending legitimate control commands, can bring catastrophic damages to CIs at the national level. Therefore, it is important to develop new model to study the sequence of the operator actions in the CIs. Many CIs are monitored and controlled by SCADA systems. This paper proposes a new modelling approach of operator behavior, for resolving alarms and insider attacks, in electric power SCADA. In order to study operator behavior, several attack scenarios have been studied to evaluate offered model. The proposed model is based on Colored Petri Nets (CPNs).
Keywords: Petri nets; SCADA systems; power engineering computing; security of data; CPN; Petri net model; colored Petri nets; electric power SCADA; insider attacks; operator behavior; supervisory control and data acquisition system; Analytical models; Computational modeling; Monitoring; Petri nets; SCADA systems; Servers; Substations; Insider attack; SCADA; colored petri net (ID#: 15-4815)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6994022&isnumber=6994006

 

Hajiabadi, M.H.; Saidi, H.; Behdadfar, M., "Scalable, High-Throughput and Modular Hardware-Based String Matching Algorithm," Information Security and Cryptology (ISCISC), 2014 11th International ISC Conference on, pp. 192, 198, 3-4 Sept. 2014. doi: 10.1109/ISCISC.2014.6994046 Abstract: String matching is the primary function of signature based intrusion detection systems. In this paper, a novel string matching algorithm is proposed based on the idea of searching words in a dictionary. We have also presented a scalable, high throughput, memory efficient and modular architecture for large scale string matching based on the proposed algorithm. The words of dictionary have been extracted from malicious patterns of Snort NIDS (2013) database. The memory efficiency of the proposed algorithms is directly proportional to the dissimilarity of patterns. In a large dictionary, it is feasible to create several groups in such a way that the members of each group satisfy a desired condition. The presented architecture is designed for implementation on the Field Programmable Gate Array and profits from the pipeline, modular structure and suitable utilization of distributed memory resources. Due to the routing limitation of FPGAs, the maximum length of patterns has been limited and a further solution suggested for tackling this obstacle. The post place & route implementation results of a set of 11895 patterns (117832 Byte) with lengths within the range from 2 to 20 characters show an efficiency of 1.47 Byte/Char or 0.28 (6-input LUT/char) and a maximum throughput of 2.38 Gbps. Other results for a set of 3471 patterns (104399 Byte) with lengths within 21 and 40 characters show an efficiency of 1.87 Byte/Char or 0.42 (6-input LUT/char) and the maximum throughput of 1.97 Gbps. Adding new string to dictionary is feasible by placing extra modules in architecture.
Keywords: field programmable gate arrays; pipeline processing; security of data; string matching; Snort NIDS database; dictionary; distributed memory resources; field programmable gate array; high-throughput string matching algorithm; large scale string matching; malicious patterns; modular architecture; modular hardware-based string matching algorithm; modular structure; pattern dissimilarity; pipeline; scalable string matching algorithm; signature based intrusion detection systems; Algorithm design and analysis; Dictionaries; Indexes; Memory management; Pattern matching; Throughput; Vectors; FPGA; Field programmable gate array; String matching; String matching algorithm; hardware based; intrusion detection system (ID#: 15-4816)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6994046&isnumber=6994006

 

Hasanifard, M.; Ladani, B.T., "DoS and Port Scan Attack Detection in High Speed Networks," Information Security and Cryptology (ISCISC), 2014 11th International ISC Conference on, pp. 61, 66, 3-4 Sept. 2014. doi: 10.1109/ISCISC.2014.6994023 Abstract: One of the necessities of high-speed Internet highways is the use of intrusion detection systems (IDSs). To this end, IDS should be able to process a high volume of traffic with limited resources. IDSs have improved significantly in recent years and they showed acceptable outcomes. However, there is no appropriate solution for high-speed networks. This paper proposes a solution for diagnosing denial of service (DoS) and port scan attacks as a layer of defense. The proposed method attains high speed rate using a parallel data structure to filter out DoS and port scan attacks from network traffic before entering the intrusion detection system. Attack filtering is based on statistical anomaly detection. The experimental results from implementing and evaluating the proposed method show acceptable records in both error rate and speed.
Keywords: Internet; computer network security; data structures; parallel processing; statistical analysis; telecommunication traffic; DoS; IDS; attack filtering; denial of service attack; high speed networks; high-speed Internet highways; intrusion detection systems; network traffic; parallel data structure; port scan attack detection; statistical anomaly detection; Computer crime; Data structures; Feature extraction; High-speed networks; IP networks; Ports (Computers); Servers; Data stream computing; Denial of service attack; Intrusion detection system; Port scan attack; Statistical anomaly detection (ID#: 15-4817)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6994023&isnumber=6994006

 

Khosravi-Farmad, M.; Rezaee, R.; Bafghi, A.G., "Considering Temporal and Environmental Characteristics of Vulnerabilities in Network Security Risk Assessment," Information Security and Cryptology (ISCISC), 2014 11th International ISC Conference on, pp. 186, 191, 3-4 Sept. 2014. doi: 10.1109/ISCISC.2014.6994045 Abstract: Assessing the overall security of a network requires a thorough understanding of interconnections between host vulnerabilities. In this paper, Bayesian attack graphs are used to model interconnections between vulnerabilities that enable the attacker to achieve a particular goal. In order to estimate the success probability of vulnerability exploitation, in addition to inherent characteristics of vulnerabilities, their temporal characteristics are also used to have more accurate estimation for current time of risk assessment. Since impacts of vulnerability exploitations in different environments varies from one organization to the other, environmental factors that affect the security goals such as confidentiality, integrity and availability are also considered which leads to a more precise assessment. Finally, the risk of each asset compromise is calculated by multiplying the unconditional probability of penetrating each asset in its resulted impact. The experimental results show that the proposed method effectively reduces the security risk in a test network in comparison to similar works.
Keywords: Bayes methods; graph theory; risk management; security of data; Bayesian attack graphs; environmental characteristics; network security; risk assessment; temporal characteristics; vulnerability exploitation; Availability; Bayes methods; Measurement; Organizations; Risk management; Security; Attack graph; Bayesian networks; CVSS framework; Security risk assessment; Vulnerability (ID#: 15-4818)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6994045&isnumber=6994006

 

Razian, M.R.; Sangchi, H.M., "A Threatened-Based Software Security Evaluation Method," Information Security and Cryptology (ISCISC), 2014 11th International ISC Conference on, pp. 120, 125, 3-4 Sept. 2014. doi: 10.1109/ISCISC.2014.6994034 Abstract: Nowadays, security evaluation of software is a substantial matter in software world. Security level of software will be determined by wealth of data and operation which it provides for us. The security level is usually evaluated by a third party, named Software Security Certification Issuance Centers. It is important for software security evaluators to perform a sound and complete evaluation, which is a complicated process considering the increasing number of emerging threats. In this paper we propose a Threatened-based Software Security Evaluation method to improve the security evaluation process of software. In this method, we focus on existing threatened entities of software which in turn result in software threats and their corresponding controls and countermeasures. We also demonstrate a Security Evaluation Assistant (SEA) tool to practically show the effectiveness of our evaluation method.
Keywords: security of data; software performance evaluation; software tools; SEA; security evaluation assistant tool; software security certification issuance centers; software threats; threatened-based software security evaluation method; Certification; Feature extraction; Organizations; Security; Software; Standards; Vectors; Assessment; Control; Evaluation; Security; Security Certification; Software; Software Security; Threat; Threatened (ID#: 15-4819)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6994034&isnumber=6994006

 

Junliang Shu; Juanru Li; Yuanyuan Zhang; Dawu Gu, "Android App Protection via Interpretation Obfuscation," Dependable, Autonomic and Secure Computing (DASC), 2014 IEEE 12th International Conference on, pp. 63, 68, 24-27 Aug. 2014. doi: 10.1109/DASC.2014.20 Abstract: To protect Android app from malicious reproduction or tampering, code obfuscation techniques are introduced to increase the difficulty of reverse engineering and program understanding. Current obfuscation schemes focus more on the protection of the meta information over the executable code which contains valuable or patented algorithms. Therefore, a more sophisticated obfuscator is needed to improve the protection on the executable code. In this paper we propose SMOG, a comprehensive executable code obfuscation system to protect Android app. SMOG is composed of two parts, an obfuscation engine and an execution environment. The obfuscation engine is at software vendor's side to conduct the obfuscation on the app's executable code, and then release the obfuscated app to the end-user along with an execution token. The execution environment is setup by integrating the received execution token, which endows the Android Dalvik VM the capability to execute the obfuscated app. SMOG is an easily deployed system which proves fine-grained level protection. The obfuscated app generated by SMOG could resist static and dynamic reverse engineering. Moreover, the benchmark result shows SMOG only costs about 5% more performance in dispatching the incoming bytecode to the proper interpreter.
Keywords: Android (operating system); computer crime; data protection; reverse engineering; source code (software); Android Dalvik VM; Android app protection; SMOG; code obfuscation techniques; dynamic reverse engineering; executable code obfuscation system; executable code protection; execution environment; execution token; fine-grained level protection; interpretation obfuscation; malicious reproduction; meta information protection; obfuscated app; obfuscation engine; obfuscator; program understanding; software vendor; static reverse engineering; tampering; Conferences; Android App; Execution Token; Interpretation Obfuscation; Reverse Engineering; Static Disassembly (ID#: 15-4820)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6945305&isnumber=6945641


Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.